General

  • Target

    70a6a0858435ef78c13ec4610da2228a

  • Size

    5.1MB

  • Sample

    231226-qakc9afacl

  • MD5

    70a6a0858435ef78c13ec4610da2228a

  • SHA1

    2bb1c6dba059246d56742576d5e61de278b05549

  • SHA256

    937708964bb6b8cce5d5628d7ad431d6f970a544fd81b96e71a1780dbf0d5fca

  • SHA512

    1292fd2212522b1ffca2d82a77a720f390995e3e287405fddf2a46c1e510b812e9effa26ef4d4bbbe4771da7928b93552a377c21dbda0a5b0b2fdc59f31653e7

  • SSDEEP

    98304:RWsvyeTrOHK+zqj0vTzOTIlFP9NE6/X/XT3fccPO4e/Jm1f/2G42JNiD/:RWET6zBveTuPjN/XTfccKQ38

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
